Verify IKEv1 nonce size, send 32 byte nonces
authorMartin Willi <martin@revosec.ch>
Fri, 18 Nov 2011 16:14:36 +0000 (17:14 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:30:44 +0000 (17:30 +0100)
src/libcharon/encoding/payloads/nonce_payload.c
src/libcharon/sa/tasks/main_mode.c

index 58ef70a..3c5eeb5 100644 (file)
@@ -19,6 +19,7 @@
 
 #include "nonce_payload.h"
 
+#include <daemon.h>
 #include <encoding/payloads/encodings.h>
 
 typedef struct private_nonce_payload_t private_nonce_payload_t;
@@ -103,8 +104,26 @@ static encoding_rule_t encodings[] = {
 METHOD(payload_t, verify, status_t,
        private_nonce_payload_t *this)
 {
-       if (this->nonce.len < 16 || this->nonce.len > 256)
+       bool bad_length = FALSE;
+
+       if (this->nonce.len > 256)
+       {
+               bad_length = TRUE;
+       }
+       if (this->type == NONCE &&
+               this->nonce.len < 16)
+       {
+               bad_length = TRUE;
+       }
+       if (this->type == NONCE_V1 &&
+               this->nonce.len < 8)
+       {
+               bad_length = TRUE;
+       }
+       if (bad_length)
        {
+               DBG1(DBG_ENC, "%N payload has invalid length (%d bytes)",
+                        payload_type_names, this->type, this->nonce.len);
                return FAILED;
        }
        return SUCCESS;
index 4468482..2de9c0e 100644 (file)
@@ -171,8 +171,7 @@ METHOD(task_t, build_i, status_t,
                                DBG1(DBG_IKE, "no RNG found to create nonce");
                                return FAILED;
                        }
-                       /* TODO-IKEv1: nonce size? */
-                       rng->allocate_bytes(rng, 20, &this->nonce_i);
+                       rng->allocate_bytes(rng, NONCE_SIZE, &this->nonce_i);
                        rng->destroy(rng);
 
                        nonce_payload = nonce_payload_create(NONCE_V1);
@@ -297,7 +296,6 @@ METHOD(task_t, process_r, status_t,
                                return FAILED;
                        }
                        this->nonce_i = nonce_payload->get_nonce(nonce_payload);
-                       /* TODO-IKEv1: verify nonce length */
 
                        this->state = MM_KE;
                        return NEED_MORE;
@@ -386,8 +384,7 @@ METHOD(task_t, build_r, status_t,
                                DBG1(DBG_IKE, "no RNG found to create nonce");
                                return FAILED;
                        }
-                       /* TODO-IKEv1: nonce size? */
-                       rng->allocate_bytes(rng, 20, &this->nonce_r);
+                       rng->allocate_bytes(rng, NONCE_SIZE, &this->nonce_r);
                        rng->destroy(rng);
 
                        nonce_payload = nonce_payload_create(NONCE_V1);
@@ -483,7 +480,6 @@ METHOD(task_t, process_i, status_t,
                                return FAILED;
                        }
                        this->nonce_r = nonce_payload->get_nonce(nonce_payload);
-                       /* TODO-IKEv1: verify nonce length */
 
                        return NEED_MORE;
                }